40364 matches found

OSV
added 2025/10/27 6:15 a.m., 3 views

CVE-2025-11154

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

CVSS 5.4, AI score 5.9
Exploits: 0, References: 1
Cvelist
added 2025/10/27 6:0 a.m., 8 views

CVE-2025-11154 IDonate < 2.1.13 - Unauthenticated User Deletion

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

EPSS 0.00119
Exploits: 1, References: 1
CVE
added 2025/10/27 6:0 a.m., 16 views

CVE-2025-11154

CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...

CVSS 5.4, AI score 6.6, EPSS 0.00119
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2025/10/27 12:0 a.m., 2 views

Siemens SIMATIC Devices Improper Input Validation (CVE-2025-21765)

ipv6: use RCU protection in ip6_default_advmss(). ip6_default_advmss() needs RCU protection to make sure the net structure it reads does not disappear. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 5.5, AI score 6.9, EPSS 0.00201
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-35950)

drm/client: Fully protect modes[] with dev->mode_config.mutex. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 5.5, AI score 7.5, EPSS 0.00248
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC Devices Use After Free (CVE-2025-21763)

neighbour: use RCU protection in __neigh_notify(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.8, AI score 7.4, EPSS 0.00228
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 5 views

Siemens SIMATIC Devices Use After Free (CVE-2025-21760)

ndisc: extend RCU protection in ndisc_send_skb(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.8, AI score 7.4, EPSS 0.06879
Exploits: 0, References: 2
Cvelist
added 2025/10/24 11:4 p.m., 30 views

CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...

CVSS 7, EPSS 0.00119
Exploits: 0, References: 2
EUVD
added 2025/10/24 9:31 p.m., 3 views

EUVD-2022-54472

In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check. Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to the new tcp_bpf_update_proto() function. I'm guessing that this was...

CVSS 5.5, AI score 4.9, EPSS 0.0019
Exploits: 0, References: 4
NVD
added 2025/10/24 3:15 p.m., 5 views

CVE-2025-43995

Dell Storage Center - Dell Storage Manager, versions 20.1.21, contains an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An...

CVSS 9.8, EPSS 0.00821
Exploits: 0, References: 1
OSV
added 2025/10/24 10:10 a.m., 4 views

SUSE-SU-2025:20913-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_5

This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues: - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794) - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretm...

CVSS 7.8, AI score 5.8, EPSS 0.00528
Exploits: 1, References: 19
Talos Blog
added 2025/10/24 10:0 a.m., 5 views

Think passwordless is too complicated? Let's clear that up

By Janet Ho, Cisco Duo. Why passwords are still a problem: We've relied on passwords for years to protect our online accounts, but they've also become one of the easiest ways attackers get in. Many people reuse or simplify passwords, or even write them down because it's hard to remember so many. Th...

AI score 6.7
Exploits: 0
Microsoft KB
added 2025/10/24 12:0 a.m., 74 views

Update Rollup 3 for System Center 2022 Data Protection Manager

Applies to: System Center 2022 Data Protection Manager. Introduction: This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center Data Protection Manager 2022. It also contains the installation...

AI score 5.6
Exploits: 0
Microsoft Secure
added 2025/10/23 4:0 p.m., 3 views

Harden your identity defense with improved protection, deeper correlation, and richer context

In today’s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of...

AI score 6.4
Exploits: 0
EUVD
added 2025/10/23 12:31 p.m., 3 views

EUVD-2022-54627

In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly. The initially merged version of the igc driver code (via commit 146740f9abc4, "igc: Add support for PF") contained the following IGC_REMOVED checks in the igc_rd32/wr32() MMIO...

CVSS 5.5, AI score 5.3, EPSS 0.0024
Exploits: 0, References: 6
Malwarebytes
added 2025/10/23 10:39 a.m., 5 views

Meta boosts scam protection on WhatsApp and Messenger

Vulnerable Facebook Messenger and WhatsApp users are getting more protection thanks to a move from the applications' owner, Meta. The company has announced more safeguards to protect users, especially the elderly, from scammers. The social media, publishing, and VR giant has added a new warning on...

AI score 6.5
Exploits: 0
Positive Technologies
added 2025/10/23 12:0 a.m., 2 views

PT-2025-43462

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: A security issue exists in the Android Framework that could allow a remote attacker to escalate privileges. The issue involves a permissions bypass that may allow launching activities from th...

CVSS 7.8, AI score 8.1, EPSS 0.00215
Exploits: 0, References: 74
Positive Technologies
added 2025/10/23 12:0 a.m., 3 views

PT-2025-43506

Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue resides in the hasAccountsOnAnyUser function within DevicePolicyManagerService.java. A logic error in the code allows for the addition of a Device Owner after provisioning. This can...

CVSS 5.5, AI score 8.2, EPSS 0.00231
Exploits: 0, References: 80
Positive Technologies
added 2025/10/23 12:0 a.m., 5 views

PT-2025-43504

Name of the Vulnerable Software and Affected Versions: Android Framework (affected versions not specified). Description: A flaw in the Android Framework component allows a remote attacker to cause a persistent denial of service through resource exhaustion. The issue exists in the onHeaderDecoded...

CVSS 10, AI score 6.2, EPSS 0.00465
Exploits: 0, References: 29
Slackware Linux
added 2025/10/22 8:27 p.m., 10 views

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.41-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: DNSSEC validation fails if matching but invalid DNSKEY is...

CVSS 8.6, AI score 6.9, EPSS 0.1096
Exploits: 1